1. If you have any Windows version earlier than 10, your machine is vulnerable unless you installed one of the updates sent out in March. I would not use any non-updated Windows machines at the moment. Patch them or turn them off.

2. The ransomware is old, but it's being vectored by one of the "NSA cyber weapons" that got leaked and posted online. The code is not a zero-day, because the vulnerability it exploits has already been fixed... if the user fixed it.

3. The ransomware does an RSA encryption of all files on the machine, using a unique key, and displays a screen telling how to decrypt them. The procedure includes paying $300 - $600 in bitcoin PER MACHINE to one of several web drops.

4. The effect is worldwide, and astounding.

- 75-100 countries are affected, depending on which story you read.
- The British NHS has been devastated, with some hospitals having no network computers. Nurses are writing out medical data by hand.
- A railway data network in Europe is completely shut down.
- FedEx has shut down all Windows machines until Monday, worldwide.
- One government TV network estimates they'd have to pay half a billion to ransom every affected machine.
- Several governments are reporting major disruptions.

5. The instructions on how to decrypt the files are well written in Russian. Other languages have various awkward wordings indicating translation.

6. It's big.

7. It reminds me, I'm overdue for a full backup. Off to make same......

_________________
"Words are the new bullets, satellites the new artillery"--"Winning CNN Wars," Army War College

"One bomb was shown on TV, and the American people bought that war. War is show business."--"Wag the Dog"

Gotta say, I'm really enjoying Linux these days. Not just nicely functional, but also democratic in ways that appeal to me.

Gonna be interesting to see how folks will stop AI-level algorithms from being weaponized for purposes like ransomware. Sure hope there is an effort to create AI-level algorithms to counter such activity.

Indeed the evidence, sparse and circumstantial as it is, suggests an origin in Russia. However that country was perhaps the hardest hit. Indeed, this doesn't necessarily mean anything, since when the U.S. and Israel sicced the Stuxnet virus on Iran's nuclear program, they let it spread worldwide for cover.

I'm not sure a RAID array would be any protection. I have a big media-production grade HD like you'd use to store data coming from a digital camera. Shoots have racks of the things. Expensive, but cheaper than reshooting a whole scene because of a disk failure. It is never, ever, turned on except to back up the entire computer disk at once. Then it gets turned off again until needed for whatever reason. I have the capability for a bare metal restore, if it comes to that.

The whole charade that is Internet security, an oxymoron if I ever saw one, is going to bite us big time at some point. I give it about a 99.9% chance. There is a much smaller chance that when it happens, the whole net will be held for ransom. Send $30 billion in bitcoin to [some carefully spoofed IP] if you ever want your global communications system to work again.

One more reason to use the ionosphere for a backup, the way most enlightened agencies are doing now. The US Air Force would love to turn off the ionosphere at will, but so far they haven't found a way. Signals go up... signals come down far far away.


There's also "best practices." If the data was generated locally (i.e. no input from being connected generally to the internet), then I'd probably seek methods that keep a clean copy of that data; clean in the sense that the device holding that data never comes in direct contact with data from the internet.

Ultimately, I figure that AI-level algorithms will make even obvious best practice methods somewhat difficult to achieve. Nonetheless, all we can do is the best that we can at each stage of development of this technology.

As he worked to reverse-engineer samples of WannaCry on Friday, MalwareTech discovered that the ransomware’s programmers had built it to check whether a certain gibberish URL led to a live web page. Curious why the ransomware would look for that domain, MalwareTech registered it himself. As it turns out, that $10.69 investment was enough to shut the whole thing down—for now, at least.

It turned out that as long as the domain was unregistered and inactive, the query had no effect on the ransomware’s spread. But once the ransomware checked the URL and found it active, it shut down.

Yup, one guy stopped the ransomware FOR NOW just by registering the unregistered domain.

Next go-round I suspect they'll design a more robust kill switch.

No doubt, that is pretty easy to do.

What is difficult to defend against, with comparable AI-level algorithms, will be other AI-level algorithms attempting to bypass whatever fixes the "good guys" put in place.

The pace and advancement of such attacks will quickly surpass what carbon-based humans are capable of keeping up with in real time.

Evolution moves on towards silicon-based lifeforms and we are left in the dust? Time will tell; suppose it depends on silicon-based lifeforms figuring out that we are or are not necessary for their continued existence.

The biggest problem we face: our (human) history indicates that we are unlikely to be able to handle the competition, which means silicon-based lifeforms will attack humans in such a way that will likely bring about our complete extinction and that of most carbon-based lifeforms on this planet.

What happened SINCE the initial attack the other day with this that makes it worse now or continuing?

The attack has been resurrected; it's still happening.

It is likely to be beyond human capacity to figure out another route of attack in such a short time.

What I'm saying is that for the Russians to go there - weaponizing AI-level programs - would be consistent with their own historical precedent (of burning down their own cities in advance of an invading foe).

It's a human thing to sometimes become preemptive at a time when it would be wise to not do so. As talented as the Russians are, they are also way too cynical to ever properly recognize such realities about this universe.

Seems that too many folks in America suffer from the same problem.

Welcome to the future: likely to be much more fucked up than anything you have yet begun to imagine.

Now it's a declarative sentence, but since this is an ethos, it really means "should be used to change your life for the better".

This is why I call malicious douchebags who will hold hospitals hostage, preventing them from treating dying patients until they pay a ransom, lots of things ... but they do not deserve to be called hackers.

Same thing, BTW, I would say about Fancy Bears who think spreading disinformation, working as tools for hire for Russian oligarchs and their mil-industrial complex, and undermining people's belief in the democratic process is a noble action. Fuck them and the horse they rode in on, too.

_________________
-- Tis an ill wind that blows no minds.
Malaclypse the Younger

Yes, hacking used to be an honorable pursuit. It had a lot to do with optimizing code. The media got it wrong on the name, and now the language has it wrong too. So it goes.

I vaguely recall the hacker ethic being something vaguely akin to anarchism. Code should be public, information should belong to the people. Something like that. They had a different name for penetrating networks and filching data, but I don't remember it. Cracking? Software phreaking? Mitnick would know. He lives around here, and after several lawyers and about $30,000 in fees, he was finally allowed to get a ham radio license. He should be in the call sign databases. THEY are still public, though now people are trying to get money to access the details. So much for the Hacker Ethic.

Now the Nooz is all excited about North Korea being behind it all. L.A. Times led with this, pushing the most egregious presidential boner in US history off to the side. Gotta have those boogymen to sell those papers. I dunno. I'm willing to believe there was code in common with the Sony hack, but there's the vestige of the hacker ethic again. Everyone reuses other people's code (OPC) if it's better than theirs. There's a dawning realization that maybe you can ask for money for that, but it's pretty recent.

Might as well say Gary Kildall wrote Windows, since some of his CP/M interrupts were byte for byte duplicated in the first DOS.


> I vaguely recall the hacker ethic being something vaguely akin to anarchism. Code should be public, information should belong to the people. Something like that.

Steven Levy's book, Hackers: Heroes of the Computer Revolution, is probably still one of the best sources on the original hacker 'movement' at MIT and Stanford. There was a definite ethos of decentralizing computer power, and putting it in the hands of the masses. Some of the first hackers came out of people who were members of the electric home train builders' club at those universities. Others from ham radio. I would call it more decentralism than libertarianism. They wanted people to have personal computers, not have to pray to the priesthood of the mainframe to have their programming jobs run on the mainframe.

Maybe even 'technopopulism'. There's quite a bit in there, too, about how responsible a fella named Bill Gates was, in subverting the original open source ethos of hackerism (which survives in Linux and the GNU/FSF folks). We also read about two fellas with connections to the phone phreaking community - two blue boxers named Steve Jobs and Steve Wozniak who sold blue boxes to let their fellow dorms make long distance telephone calls home for free. Gates was one of the first to argue that if source code was shared freely with people (the hacker way), how could you possibly charge for the software and make money on it? And then look how much he made....

Hacking was about clever programming, getting into the innards of all technologies (including cable boxes, the phone system, etc.), not really per se about computer intrusion, let alone computer crime.

In general, hackers used to call these dark hat types, the kinds who wrote malicious viruses, broke into the electric grid or phone system to shut it down, or who ransomwared hospitals, crackers. Not to be confused with a slur about white folks. The name came from the way in which they would "crack" copy protection, pirate software - and please note, then resell the pirated software to profit themselves.

This is from the Wikipedia page on the Hacker Ethic - which in turn comes from Levy's book. (I know, I read it.)

[source: Wikipedia/Levy]As Levy summarized in the preface of Hackers, the general tenets or principles of hacker ethic include:[7]

In addition to those principles, Levy also described more specific hacker ethics and beliefs in chapter 2, The Hacker Ethic:[8] The ethics he described in chapter 2 are:

Access to computers—and anything which might teach you something about the way the world works—should be unlimited and total. Always yield to the Hands-On Imperative!
Levy is recounting hackers' abilities to learn and build upon pre-existing ideas and systems. He believes that access gives hackers the opportunity to take things apart, fix, or improve upon them and to learn and understand how they work. This gives them the knowledge to create new and even more interesting things.[9][10] Access aids the expansion of technology.

All information should be free
Linking directly with the principle of access, information needs to be free for hackers to fix, improve, and reinvent systems. A free exchange of information allows for greater overall creativity.[11] In the hacker viewpoint, any system could benefit from an easy flow of information,[12] a concept known as transparency in the social sciences. As Stallman notes, "free" refers to unrestricted access; it does not refer to price.[13]

Mistrust authority—promote decentralization
The best way to promote the free exchange of information is to have an open system that presents no boundaries between a hacker and a piece of information or an item of equipment that he needs in his quest for knowledge, improvement, and time on-line.[12] Hackers believe that bureaucracies, whether corporate, government, or university, are flawed systems.

Hackers should be judged by their hacking, not criteria such as degrees, age, race, sex, or position
Inherent in the hacker ethic is a meritocratic system where superficiality is disregarded in esteem of skill. Levy articulates that criteria such as age, sex, race, position, and qualification are deemed irrelevant within the hacker community.[14] Hacker skill is the ultimate determinant of acceptance. Such a code within the hacker community fosters the advance of hacking and software development. In an example of the hacker ethic of equal opportunity,[15] L Peter Deutsch, a twelve-year-old hacker, was accepted in the TX-0 community, though he was not recognized by non-hacker graduate students.

You can create art and beauty on a computer
Hackers deeply appreciate innovative techniques which allow programs to perform complicated tasks with few instructions.[16] A program's code was considered to hold a beauty of its own, having been carefully composed and artfully arranged.[17] Learning to create programs which used the least amount of space almost became a game between the early hackers.[14]

Computers can change your life for the better
Hackers felt that computers had enriched their lives, given their lives focus, and made their lives adventurous. Hackers regarded computers as Aladdin's lamps that they could control.[18] They believed that everyone in society could benefit from experiencing such power and that if everyone could interact with computers in the way that hackers did, then the hacker ethic might spread through society and computers would improve the world.[19] The hacker succeeded in turning dreams of endless possibilities into realities. The hacker's primary object was to teach society that "the world opened up by the computer was a limitless one."

[snip][end]

But, like I said, I don't know how douchebags are improving the world by holding hospitals hostage for ransom; or, for that matter, spreading disinformation and attempting to subvert people's faith in democratic systems. Computer intrusion is justifiable to learn about the way various systems work, or to open up access to information or technology to people. In some sense, this used to be the ethos of Anonymous and Wikileaks, and "hacktivism" in general, but we could discuss where both entities kind of lost their way. Some articles have been written on it. However, if you are using computer intrusion to hurt ordinary people (not large faceless corporations), or worsen their lives (stealing their credit cards or identity or etc.), to put destructive viruses on their machines, or spread disinformation about them (stealing their emails and then altering their contents or misusing them without context so as to spread bogus rumors) - that is NOT hacking.

Those folks are not following the hacker ethic, and are merely crackers.


A good friend of mine has one of Wozniak's blue boxes. It still works, as in tandem-office DTMF still comes out of it. You'd be off your rocker to even think of making calls with it on today's phone system.

Most of the phreaking I can remember was regarding General Telephone's old stepping exchange in the rich kids' ghetto. It was decades obsolete even then, and it made great noises and did fun things, none of them particularly illegal. Some people had their call director figured out so they'd get into PacBell quicker and stand a chance in radio contests. Too advanced for me.

I definitely hear you on this stuff.

I think a lot of the old hacker ethic is now part of the Maker Movement.


It emphasizes decentralism and anti-authoritarianism, but it mostly arose out of the situation in the 50s and 60s where if you wanted to run your computer program, you took it on a punched card to one of the mainframe operators, they ran it, and you got back your result days later.

The hackers wanted personal computers, where you could run your own programs on them, and edit and debug your own code in front of yourself. They wanted to make technology accessible and computing personal.

Now, yeah, today we all have PCs (and to be clear original-IBM-PC clones running Windows are not the only personal computers, even if they are the dominant variety), although if we were still doing things the hacker way, we would be using open source code, sharing it with each other, and debugging and tinkering with the programs we run (not just using the compiled binaries, where you can't see the source code). We wouldn't wait for giant software corporations to make updates and revisions, we would be doing it ourselves.

Now look, on the one hand, I understand that technopopulism, but it lacks one element of realism. Most people just want to run stuff on their computer, not tinker with it or the code that runs on it. They don't want to learn all the complexities of doing either. Apple has always emphasized that other part of the hacker vision: that computers should be elegantly simple to use and user-friendly ... accessible in that way ... even if you're not tinkering with the innards and the underlying schematics and workings.

Also, I like the open source philosophy, but big complex programs are not written by individual people anymore. A lot of the software you use is written by large teams of people who work on different subroutines and sections of it. The belief that one lone hacker can get into those millions of lines of code and find and fix anything whole teams of people miscoded ... is a bit naive.


> it mostly arose out of the situation in the 50s and 60s where if you wanted to run your computer program, you took it on a punched card to one of the mainframe operators, they ran it, and you got back your result days later.

True. It was, to a good extent, the DEC paradigm vs the IBM one. You will notice from a cursory read of history that a lot of this stuff happened on PDP-10s and Vaxen. Tune of "Alice's Restaurant:"

You can hack anything you want, with TECO and DDT
You can hack anything you want, with TECO and DDT
$U in and begin to hack
Twiddle bits in a core dump and write it back
You can hack anything you want, with TECO and DDT

Obviously computers got too big for that sort of thing, but you get the idea.

UCLA's big old mainframe (biggest in the world at one time, I think) persisted into the late 1980s. The faculty had all struggled with keypunch machines and submitting jobs through a hole in the wall in what was called the Users' Room. They were sure as hell going to take out their revenge on the first year CS undergrads by torturing them with the same. Usually you got your output back in hours, though, not days. It was a BIG ASS mainframe.

It seems obvious that the very act of hacking at the console of an actual machine was, in effect, a blow for democracy and against corporatism.

Must have been heady times. I missed it all.

>Wozniak/Jobs

It seems ironic to me that the two champions of democratized computing ended up with a company where Jobs insisted on closed systems.

But then, everything seems ironic to me.

> Nobody wants to see the source codes

Pretty much true, but I'd love to see anything that explains Windows in simple computerese, let alone English, as opposed to MickeySoft's murky docs.

--------

Good thread. Thanks, Professor.


> It seems ironic to me that the two champions of democratized computing ended up with a company where Jobs insisted on closed systems.

Well, the irony I think arose from the fact that Wozniak was the real hacker/phone phreaker. He was the one who built the blue boxes. Even then, Jobs was the pitchman. He got people to buy the blue boxes Woz built.

Woz was the one who did the hardware stuff for the original Apple II. Jobs had vision, but he left the tech stuff to Woz. I'm not saying he did nothing but pitch - he was into the art and beauty stuff, and because he took a calligraphy class in college, it was his insight that the Mac should have customizable fonts. He also "played the orchestra".

He was a visionary, and the one thing the most recent Jobs film made clear, he was also a dick. Sometimes those things go hand in hand. There were stories he used to walk around the Apple campus, walk up to random employees, demand they justify why they were working there, and fire them on the spot if they couldn't answer right away. Then there is the puzzle of how he treated his own daughter, even as he named the first proto-Macintosh (the Lisa) after her. Puzzling, paradoxical guy.

I do think the Apple philosophy was always that computers should be accessible - not understandable (in terms of the user knowing or being able to rearrange all the underlying software or hardware). Those goals are never exactly the same. But I always love that dialogue in Pirates of Silicon Valley, where Bill Gates reminds Jobs that he took the Mac GUI for Windows from Apple, only after - in reality - Jobs stole it from Xerox PARC....

Things move in weird ways. At this point, the Mac is largely an open platform with a handful of proprietary technologies. Most of the stuff other than Thunderbolt, including the CPU, is open spec/hardware, including the ROMs and the Intel CPUs. Everybody is using Intel CPUs at this point. Nothing's stopping people from cloning the Mac in 2017, well other than I think Tim Cook might still call lawyers, and lack of interest. As for Mac OS X, most of it is based on an open source kernel based on BSD Unix ... and Apple continues to contribute updates to the kernel to the open-source BSD community. Only the Quartz GUI is proprietary, but then, that's the beautiful stuff.

You can run both Linux and Windows on a Mac. Lots of people do. Sometimes as a second OS after a reboot ("Boot Camp"), or within a virtual machine. Also other varieties of BSD.
